--- /dev/null
+package club.wpia.gigi.crypto.key;
+
+import java.security.PublicKey;
+import java.util.Collections;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Set;
+
+import club.wpia.gigi.GigiApiException;
+
+public abstract class KeyCheck {
+
+ protected static final Set<KeyCheck> checks = new LinkedHashSet<KeyCheck>();
+
+ public static List<KeyCheck> getChecks() {
+ return Collections.list(Collections.enumeration(checks));
+ }
+
+ public static void register(KeyCheck check) {
+ checks.add(check);
+ }
+
+ public abstract void check(PublicKey key) throws GigiApiException;
+
+ public static void checkKey(PublicKey key) throws GigiApiException {
+
+ if (checks.isEmpty()) {
+ // Mandatory checks are registered here
+ }
+
+ if (key == null) {
+ throw new GigiApiException("Failed key sanity check: No key given!");
+ }
+
+ for (KeyCheck kc : checks) {
+ kc.check(key);
+ }
+
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (o == null) {
+ return false;
+ }
+
+ if (o == this) {
+ return true;
+ }
+
+ return getClass().equals(o.getClass());
+ }
+
+ @Override
+ public int hashCode() {
+ return getClass().hashCode();
+ }
+
+}
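Review bot: The empty `if (checks.isEmpty()) { ... }` block in `checkKey` means any non-null key passes when no check has been registered, so the sanity check fails open until the mandatory checks the comment promises actually exist; consider failing closed there with `throw new GigiApiException("Failed key sanity check: No key checks registered!");` or registering the defaults inside that block before the loop runs. `register` and `checkKey` also share an unsynchronized `LinkedHashSet`, so a `register` call concurrent with the `for` loop in `checkKey` can throw `ConcurrentModificationException` or skip a check; if registration is not confined to startup, back the set with `new CopyOnWriteArraySet<KeyCheck>()` (insertion order is preserved, and `add` still dedupes via the `equals` override) or synchronize both methods. `register` accepts `null`, which only surfaces later as a `NullPointerException` at `kc.check(key)`; `Objects.requireNonNull(check, "check")` at the top of `register` gives the failure a clear origin. `getChecks` can produce the same snapshot more directly as `return new ArrayList<KeyCheck>(checks);`.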
import club.wpia.gigi.GigiApiException;
import club.wpia.gigi.crypto.SPKAC;
+import club.wpia.gigi.crypto.key.KeyCheck;
import club.wpia.gigi.dbObjects.Certificate;
import club.wpia.gigi.dbObjects.Certificate.CSRType;
import club.wpia.gigi.dbObjects.Certificate.SANType;
this(c, csr, (CertificateProfile) null);
}
- public CertificateRequest(AuthorizationContext ctx, String csr, CertificateProfile cp) throws GeneralSecurityException, IOException, IOException {
+ public CertificateRequest(AuthorizationContext ctx, String csr, CertificateProfile cp) throws GeneralSecurityException, IOException, IOException, GigiApiException {
this.ctx = ctx;
if (cp != null) {
profile = cp;
}
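Review bot: The rewritten constructor signature on the added line still declares `IOException` twice in its `throws` clause; since the line is being changed anyway, drop the duplicate: `public CertificateRequest(AuthorizationContext ctx, String csr, CertificateProfile cp) throws GeneralSecurityException, IOException, GigiApiException {`. Adding `GigiApiException` to the clause is a signature change for every caller, including the delegating constructor whose closing lines form the context above this hunk and whose declaration lies outside it; presumably its own `throws` clause was extended the same way, otherwise this will not compile.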
this.SANs = SANs;
pk = parsed.getSubjectPublicKeyInfo();
+ KeyCheck.checkKey(pk);
+
String sign = getSignatureAlgorithm(data);
guessDigest(sign);
throw new GigiApiException("Challenge mismatch");
}
pk = parsed.getPubkey();
+ KeyCheck.checkKey(pk);
+
String sign = getSignatureAlgorithm(data);
guessDigest(sign);
this.SANs = new HashSet<>();
this.csr = "SPKAC=" + cleanedSPKAC;
this.csrType = CSRType.SPKAC;
-
}
private static String getSignatureAlgorithm(byte[] data) throws IOException {
--- /dev/null
+package club.wpia.gigi.crypto.key;
+
+import static org.junit.Assert.*;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.PublicKey;
+
+import org.junit.Test;
+
+import sun.security.util.DerValue;
+import sun.security.x509.X509Key;
+import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.util.PEM;
+
+public class KeyCheckTest {
+
+ public static PublicKey pkFromString(String pub) throws GeneralSecurityException, IOException {
+ byte[] data = PEM.decode("PUBLIC KEY", pub);
+ DerValue der = new DerValue(data);
+ PublicKey key = X509Key.parse(der);
+
+ return key;
+ }
+
+ @Test
+ public void testNullKey() {
+ try {
+ KeyCheck.checkKey(null);
+ fail("Providing a null key should fail!");
+ } catch (GigiApiException gae) {
+ assertTrue(true);
+ }
+ }
+
+}
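Review bot: `pkFromString` parses keys through `sun.security.util.DerValue` and `sun.security.x509.X509Key`, JDK-internal classes that are not exported from `java.base` on Java 9+ and may change or disappear between releases; the public equivalent is `KeyFactory.getInstance(alg).generatePublic(new X509EncodedKeySpec(data))`, with `alg` matching the test keys (e.g. "RSA"), and it removes both `sun.*` imports. In `testNullKey` the `assertTrue(true)` in the catch branch asserts nothing; the `fail(...)` inside the `try` already carries the test, so the catch body can be a comment such as `// expected: a null key must be rejected`. Note that `checkKey` consults the static `KeyCheck.checks` registry, so any test that calls `register` in the same JVM leaks state into this one; the null rejection is evaluated before the loop and is unaffected here, but it is worth keeping in mind for further tests in this class.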